VYPR

P 660hw

by Zyxel

CVEs (11)

  • CVE-2015-6016CriDec 31, 2015
    risk 0.64cvss 9.8epss 0.06

    ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.

  • CVE-2018-5330HigJan 16, 2018
    risk 0.49cvss 7.5epss 0.02

    ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.

  • CVE-2017-17901HigDec 29, 2017
    risk 0.49cvss 7.5epss 0.02

    ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.

  • CVE-2015-6017MedDec 31, 2015
    risk 0.40cvss 6.1epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.

  • CVE-2014-4162Jun 16, 2014
    risk 0.03cvss epss 0.03

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1.

  • CVE-2019-6725May 31, 2019
    risk 0.00cvss epss 0.02

    The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin.

  • CVE-2013-3588Apr 2, 2014
    risk 0.00cvss epss 0.02

    The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets.

  • CVE-2008-1257Mar 10, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.

  • CVE-2008-1256Mar 10, 2008
    risk 0.00cvss epss 0.03

    The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access.

  • CVE-2008-1254Mar 10, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors.

  • CVE-2008-1255Mar 10, 2008
    risk 0.00cvss epss 0.04

    The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.